No worries then. The IPA CA (dogtag) uses NSS for crypto so there is no way
the CA private key could have been exposed.
If you've issued SSL certs from the IPA CA for services running OpenSSL you
could re-issue those to be on the safe side, but IPA itself uses only NSS on
its servers.
Greg Harris wrote:
I feel dumb, but I cannot seem to find anything about this. How do I rekey the
self-signed CA cert for IdM/IPA? It seems like it should be something simple,
but I’m not finding anything. CentOS 6.5 install. If you’ve got a place to
point me towards, that would be wonderful.
Thanks,
Greg
Greg Harris wrote:
Rob,
Thanks for the quick response. It’s version 3.0, as included in CentOS
6.5 EPEL. Yes, I’m running the IPA CA, installed as a self-signed
setup. By rekey, I mean generating a new Public/Private key pair for
the CA certificate, and then subsequently rekeying all of the